npm - @startanaicompany/cli - Versions diffs - 1.9.1 → 1.9.2 - Mend

@startanaicompany/cli 1.9.1 → 1.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/src/commands/exec.js +24 -15

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@startanaicompany/cli",
-  "version": "1.9.1",
+  "version": "1.9.2",
   "description": "Official CLI for StartAnAiCompany.com - Deploy AI recruitment sites with ease",
   "main": "src/index.js",
   "bin": {

package/src/commands/exec.js CHANGED Viewed

@@ -111,27 +111,36 @@ async function exec(command, options = {}) {
       spin.succeed('Command executed');
     } catch (error) {
-      spin.fail('Command execution failed');
+      spin.fail('Command not allowed');
       if (error.response?.status === 400) {
-        const data = error.response.data;
+        const data = error.response.data || {};
         logger.newline();
-        if (data.error === 'VALIDATION_ERROR') {
-          logger.error('Command validation failed');
+        // Show clear "command not allowed" message for all 400 errors
+        logger.error('This command is blocked for security reasons');
+        // Show backend error message if available (note: field is 'error', not 'message')
+        if (data.error) {
           logger.newline();
-          logger.warn(data.message);
-          if (data.message.includes('not in allowlist')) {
-            logger.newline();
-            logger.info('Allowed commands include:');
-            logger.log('  Node.js: npm, node, npx, yarn, pnpm');
-            logger.log('  Python: python, python3, pip, poetry');
-            logger.log('  Ruby: bundle, rake, rails');
-            logger.log('  Shell: sh, bash, echo, cat, ls, pwd');
-            logger.log('  Database: psql, mysql, mongosh');
-          }
+          logger.warn(data.error);
         }
+        logger.newline();
+        logger.info('Allowed commands include:');
+        logger.log('  Node.js: npm, node, npx, yarn, pnpm');
+        logger.log('  Python: python, python3, pip, poetry');
+        logger.log('  Ruby: bundle, rake, rails, ruby');
+        logger.log('  Shell: sh, bash, echo, cat, ls, pwd, env');
+        logger.log('  Database: psql, mysql, mongosh');
+        logger.log('  Build: go, cargo, make, cmake');
+        logger.newline();
+        logger.info('Blocked for security:');
+        logger.log('  System commands: whoami, ps, top, kill');
+        logger.log('  Destructive operations: rm, chmod, chown');
+        logger.log('  Advanced shell features: pipes (|), redirects (>), command substitution');
+        process.exit(1);
       } else if (error.response?.status === 408) {
         logger.newline();
         logger.error('Command execution timed out');